Skip to Main Content
United Kingdom
Select regional store:
Online exclusive! Receive a free e-book when you purchase a training course or toolkit online before 30 September!
Cyber Essentials Plus - Get A Lot of Help

Cyber Essentials Plus - Get A Lot of Help

SKU: G4502
Format: Certification (Online purchases only)

IT Governance is a CREST-accredited Cyber Essentials certification body, meaning that this service includes an external and internal vulnerability scan that independently verifies your security status.

This service will help you achieve CREST-accredited Cyber Essentials Plus certification with a lot of help from us. It is conducted online and includes:

  • CREST-accredited certification;
  • A documentation toolkit;
  • One full day of on-site consultancy;
  • An external vulnerability scan;
  • An on-site assessment; and
  • An internal vulnerability scan.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

Save £195 when you purchase the Cyber Essentials - Get A Lot of Help package. (RRP. £2845. Discount automatically applied at checkout.)
From £2,650.00
ex vat
Description

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to demonstrate that the most important cyber security controls have been implemented. It provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.

This service will give you a good chance of achieving a CREST-accredited Cyber Essentials Plus certification at the first attempt. It is also designed for organisations with little or no knowledge of the five controls (secure configuration, boundary firewalls, access controls, patch management and malware protection) and testing conditions, as well as those that do not know their scope or the IP range that should be tested. We also recommend this solution for large organisations with complex organisational structures.


What's included in the Cyber Essentials Plus Get a Lot of Help Bundle?

Cyber Essentials Plus - Do It Yourself

With this service you can conduct the entire certification process using our secure portal – a user-friendly, no-fuss solution to applying for Cyber Essentials Plus certification. This unique online service enables companies to apply for Cyber Essentials Plus certification following a convenient ‘do it yourself’ approach.

Cyber Essentials Toolkit

The most important aspect of your CES documentation is that it must be your own work and in your own words. You will need to complete the documents in the toolkit to reflect your organisational culture, your processes and your technologies.

  • Designed to reflect the requirements of the Cyber Essentials Scheme
  • Built on expert knowledge from numerous cyber security implementation projects
  • Ensure that the controls you are implementing are aligned to the requirements of the Cyber Essentials Scheme

Cyber Essentials Onsite Consultancy – 1 day

This full day of on-site consultancy is designed for organisations that have not previously certified and have little or no knowledge of how to define their scope, the IP testing range or how to meet the five controls: secure configuration, boundary firewalls, access controls, patch management and malware protection.

Scans & assessment

Your bundle will also include the following:

  • External vulnerability scan;
  • On-site assessment; and
  • Internal vulnerability scan.

How the application process works:

  • We send you details of how to log on to our Cyber Essentials online portal.
  • We book your full day of on-site consultancy.
  • You define your scope for testing, which will either be the whole organisation’s enterprise IT or a subset.
  • You complete and submit your self-assessment questionnaire (SAQ).
  • We inform you if the SAQ meets the requirements of the Cyber Essentials scheme.
  • You schedule your on-site assessment, which will include the internal vulnerability scan.
  • You schedule your external vulnerability scan through the portal.
  • We will conduct the on-site assessment and perform the necessary internal scan on a sample of your Internet-facing devices.
  • We will provide you with the results of the internal scan and on-site assessment. If there are nonconformities, we will provide detailed feedback to help you understand how to close these gaps and achieve certification.
  • Subject to a positive outcome, we issue your Cyber Essentials Plus certificate.

Take the extra step to strengthen your security with Phishing Staff Awareness training

Phishing Staff Awareness

Human error is one of the leading causes of data breaches. Failing to train your staff on the dos and don’ts of cyber security could be disastrous. Data breaches not only result in financial losses and penalties but can also damage your reputation as consumers lose faith in your brand. Train your staff and take the extra step to boost your security with a phishing staff awareness course.

Empower and educate your staff on the right steps to take to keep your organisation and data secure. Achieving Cyber Essentials certification and implementing phishing staff awareness training will strengthen your defences, further secure your organisation and help to mitigate your risk of attack.

Find out more about the phishing staff awareness course >>

Benefits

Benefits of the Cyber Essentials scheme:

Demonstrate security and help secure the supply chain

The Information Commissioner’s Office (ICO), whose job it is to uphold the EU GDPR in the UK, recommends Cyber Essentials as ‘A good starting point’ for the cyber security of the IT you rely on to hold and process personal data.

Increase your chances of securing
business

If you would like to bid for central government contracts that involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials certification. 

Reduce cyber insurance
premiums

Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification. 

Prerequisites & conditions

Prerequisites

This package includes on-site testing at one location, of one type of user account, on up to ten device builds. Additional workstations, mobile devices and build types may need to be tested to meet sampling requirements of the scheme. If you require additional devices to be tested, you will need to purchase Cyber Essentials Plus Additional Device Testing

The number of locations to be tested depends on whether all the different builds can be tested in one location. A build can be delivered to a particular site for testing purposes even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and software suites installed. Examples of relevant software are listed below:

  • Oracle Java
  • Adobe Acrobat
  • Microsoft Office
  • Adobe Flash
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Microsoft Internet Explorer
  • Antivirus solution

If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable.

For further information see our FAQ section.


Pre-test requirements

  • All user device builds to be tested, including mobile and BYOD, must be available for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (https://ces.itgovernance.co.uk).
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Additional conditions

  • The package includes a free vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need.
  • You will receive the documentation toolkit within 48 hours of your purchase and we will contact you at the same time to schedule your on-site consultancy. Your consultancy can be split between on-site and Live Online consultancy. Any unused consultancy time will not be credited back.
  • If your business is located outside mainland UK (England, Scotland and Wales), additional expenses will be charged to accommodate our consultant’s travel for the on-site consultancy and the on-site assessment.
  • If you require further Live Online consultancy support, you can buy it here.
  • For non-web purchases there is an additional £100 manual processing fee.

View all the repeat testing and assessment fees here >>

Customer Reviews

(5.00)stars out of 5
# of Ratings: 2
1. on 27/06/2016, said:
5 stars out of 5
I am a big fan of Cyber Essentials: as a government-backed and industry-supported scheme it allows us to demonstrate to stakeholders that we have essential IT security controls in place. I am proud of the Action for Children IT team for achieving the ‘Plus’ level of certification for two years running. Action for Children have found the certification robust, worthwhile and cost effective. I would encourage all organisations to consider Cyber Essentials, especially those providing services to public sector bodies. Alan Crawford, Chief Information Officer - Action for Children
2. on 27/06/2016, said:
5 stars out of 5
Security is at the heart of everything we do, we take cyber security very seriously – the data centre is our business and security is part of that foundation. Achieving Cyber Essentials Plus will add great value: sharing the knowledge is one of our core values and our security accreditations allow us to live this value safely and effectively whilst enabling our customers to do the same. This fits well with our other certificates like ISO/IEC 27001:2013 and ISO/IEC 22301:2012. This gives our customers absolute piece of mind that their data is in the safest hands and ensures that our team are kept upskilled and informed. A. Rahim Khan, Information Security Officer - brightsolid Online Technology Ltd
Showing comments 1-2 of 2
This website uses cookies. View our cookie policy
Win £250
Loading...